Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 94%
- Finding: The skill documentation directs the agent to perform shell commands, read local files, write output files, and fetch arbitrary URLs, yet no declared permissions or trust boundaries are specified. This creates a real security gap because a user may trigger network access or local file processing without explicit capability declaration, making review, sandboxing, and consent harder.
